Vulnerabilities > Web2Py

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-45158 OS Command Injection vulnerability in Web2Py
An OS command injection vulnerability exists in web2py 2.24.1 and earlier.
network
low complexity
web2py CWE-78
critical
9.8
2023-03-06 CVE-2023-22432 Open Redirect vulnerability in Web2Py
Open redirect vulnerability exists in web2py versions prior to 2.23.1.
network
low complexity
web2py CWE-601
6.1
2022-06-27 CVE-2022-33146 Open Redirect vulnerability in Web2Py
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
network
web2py CWE-601
5.8
2018-02-06 CVE-2016-3957 Deserialization of Untrusted Data vulnerability in Web2Py
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.
network
low complexity
web2py CWE-502
7.5
2018-02-06 CVE-2016-3954 Information Exposure vulnerability in Web2Py
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status.
local
low complexity
web2py CWE-200
2.1
2018-02-06 CVE-2016-3953 Use of Hard-coded Credentials vulnerability in Web2Py
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.
network
low complexity
web2py CWE-798
7.5
2018-02-06 CVE-2016-3952 Credentials Management vulnerability in Web2Py
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify.
local
low complexity
web2py CWE-255
2.1
2017-10-18 CVE-2015-6961 Open Redirect vulnerability in Web2Py 2.9.11
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout.
network
web2py CWE-601
5.8
2017-04-10 CVE-2016-10321 7PK - Security Features vulnerability in Web2Py
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
network
low complexity
web2py CWE-254
5.0
2017-01-11 CVE-2016-4808 Cross-Site Request Forgery (CSRF) vulnerability in Web2Py
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
network
web2py CWE-352
6.8